From caeaa7dd788706e4e6bd1729e35345810b75e775 Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Tue, 7 Oct 2014 17:06:29 -0400
Subject: [PATCH] added registration token API

---
 .../java/org/mitre/oauth2/web/TokenAPI.java | 30 +++++++++++++++++++
 .../service/impl/DefaultOIDCTokenService.java | 13 ++++++++
 .../ClientDynamicRegistrationEndpoint.java | 2 +-
 3 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java
index 0fe1994c9..add29adbc 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java
@@ -26,6 +26,7 @@ import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.oauth2.service.OAuth2TokenEntityService;
 import org.mitre.oauth2.view.TokenApiView;
+import org.mitre.openid.connect.service.OIDCTokenService;
 import org.mitre.openid.connect.view.HttpCodeView;
 import org.mitre.openid.connect.view.JsonErrorView;
 import org.slf4j.Logger;
@@ -54,6 +55,9 @@ public class TokenAPI {
 	@Autowired
 	private ClientDetailsEntityService clientService;
+
+	@Autowired
+	private OIDCTokenService oidcTokenService;
 	private static Logger logger = LoggerFactory.getLogger(TokenAPI.class);
@@ -152,6 +156,32 @@ public class TokenAPI {
 	}
+	@PreAuthorize("hasRole('ROLE_ADMIN')")
+	@RequestMapping(value = "/registration/{clientId}", method = RequestMethod.PUT, produces = "application/json")
+	public String rotateRegistrationTokenByClientId(@PathVariable("clientId") String clientId, ModelMap m, Principal p) {
+		ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
+
+		if (client != null) {
+			OAuth2AccessTokenEntity token = oidcTokenService.createRegistrationAccessToken(client);
+			token = tokenService.saveAccessToken(token);
+
+			if (token != null) {
+				m.put("entity", token);
+				return TokenApiView.VIEWNAME;
+			} else {
+				m.put("code", HttpStatus.NOT_FOUND);
+				m.put("errorMessage", "No registration token could be found.");
+				return JsonErrorView.VIEWNAME;
+			}
+		} else {
+			// client not found
+			m.put("code", HttpStatus.NOT_FOUND);
+			m.put("errorMessage", "The requested client with id " + clientId + " could not be found.");
+			return JsonErrorView.VIEWNAME;
+		}
+
+	}
+
 	@RequestMapping(value = "/refresh", method = RequestMethod.GET, produces = "application/json")
 	public String getAllRefreshTokens(ModelMap m, Principal p) {
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java
index cb4b1dc39..222cf2a58 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java
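Review bot: When `tokenService.saveAccessToken(token)` returns null inside `rotateRegistrationTokenByClientId`, the new code answers 404 "No registration token could be found.", but at that point the client was found and `createRegistrationAccessToken` has already revoked the previous token (see the DefaultOIDCTokenService hunk in this patch), so a save failure leaves the client with no registration token while the caller is told it simply does not exist; report it as a server-side failure instead, e.g. `m.put("code", HttpStatus.INTERNAL_SERVER_ERROR); m.put("errorMessage", "Could not create a new registration token.");`. The `Principal p` parameter is never read: rotating a client's registration token is an administrative credential change and should leave a trace, e.g. `logger.info("Registration token for client {} rotated by {}", clientId, p.getName());`, assuming `p` is non-null under the `ROLE_ADMIN` guard. The method is fully contained in the hunk; `getAllRefreshTokens`, which starts on its last lines, continues outside it.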
@@ -29,6 +29,7 @@ import org.mitre.oauth2.model.AuthenticationHolderEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.repository.AuthenticationHolderRepository;
+import org.mitre.oauth2.service.OAuth2TokenEntityService;
 import org.mitre.oauth2.service.SystemScopeService;
 import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
 import org.mitre.openid.connect.service.OIDCTokenService;
@@ -39,6 +40,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.token.TokenService;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.OAuth2Request;
 import org.springframework.stereotype.Service;
@@ -83,6 +85,9 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
 	@Autowired
 	private SymmetricCacheService symmetricCacheService;
+
+	@Autowired
+	private OAuth2TokenEntityService tokenService;
 	@Override
 	public OAuth2AccessTokenEntity createIdToken(ClientDetailsEntity client, OAuth2Request request, Date issueTime, String sub, OAuth2AccessTokenEntity accessToken) {
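Review bot: The added `import org.springframework.security.core.token.TokenService;` in the second hunk is not used by anything this patch adds — the new field is typed `OAuth2TokenEntityService` — so unless it is referenced elsewhere in the file it should be dropped, as Spring Security's `TokenService` is easy to confuse with the project's token service. The new `tokenService` field also makes `DefaultOIDCTokenService` depend on the `OAuth2TokenEntityService` bean; if that implementation in turn injects `OIDCTokenService`, this creates a circular bean dependency, which I cannot verify from this hunk and is worth checking on startup.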
@@ -202,6 +207,14 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
 	@Override
 	public OAuth2AccessTokenEntity createRegistrationAccessToken(ClientDetailsEntity client) {
+		// revoke any previous tokens
+		OAuth2AccessTokenEntity oldToken = tokenService.getRegistrationAccessTokenForClient(client);
+		if (oldToken != null) {
+			tokenService.revokeAccessToken(oldToken);
+		}
+
+		// create a new token
+
 		Map authorizationParameters = Maps.newHashMap();
 		OAuth2Request clientAuth = new OAuth2Request(authorizationParameters, client.getClientId(), Sets.newHashSet(new SimpleGrantedAuthority("ROLE_CLIENT")), true,
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java
index 708484740..9de77125b 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java
@@ -163,7 +163,7 @@ public class ClientDynamicRegistrationEndpoint {
 		// generate the registration access token
 		OAuth2AccessTokenEntity token = connectTokenService.createRegistrationAccessToken(savedClient);
-		tokenService.saveAccessToken(token);
+		token = tokenService.saveAccessToken(token);
 		// send it all out to the view
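Review bot: `createRegistrationAccessToken` now revokes the client's existing registration token before the replacement exists, and the replacement is only persisted by the callers (`tokenService.saveAccessToken` in TokenAPI and in ClientDynamicRegistrationEndpoint), so an exception while building the new token, or a failed save, leaves the client with no valid registration token at all. Prefer building and saving the new token first and revoking the old one afterwards, or running both steps in one transaction; at minimum state the contract on the method, e.g. `// NOTE: the previous registration token is revoked here, before the new one is persisted; callers must save the returned token.`. `getRegistrationAccessTokenForClient` yields at most one token, so if several registration tokens exist for a client (for instance from registrations made before this revoke step) the others remain valid — worth confirming against the repository query. The method continues past the end of the hunk.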